#!/bin/sh

ME="$(cd "${0%/*}" 2>/dev/null; echo "$PWD"/"${0##*/}")"
MEAT=$(dirname $ME)

cat  >/etc/profile.d/shopex_tty.sh<<'EOF' 
#!/bin/bash

IPADDRS=`/sbin/ifconfig | grep -P -o "((eth[\w:]+)|(addr:[\d.]+)|(lo[\d:]*))" | perl -e '%face;foreach (<STDIN>){$int=$1 if (/((?:(?:eth)|(?:lo))[\d:]*)/);$face{$int}=$1 if (/addr:([\d.]+)/);};foreach $interf (sort keys %face){print "$interf = $face{$interf}\t" if ($interf !~ /^lo$/)}'`

if [ $UID -eq 0 ]
then
        PS1="\n\n\033[1;34m[\u@\H]\e[m  \033[1;33m$IPADDRS\e[m \n[\t] PWD => \033[1;35m\w\e[m\n\#># "
else
        PS1="\n\n\033[1;34m[\u@\H]\e[m  \033[1;33m$IPADDRS\e[m \n[\t] PWD => \033[1;35m\w\e[m\n\#>\$ "
fi
EOF


#Disable SeLinux
if [ -s /etc/selinux/config ]; then
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
fi

cat > /etc/sysconfig/iptables << 'EOF'
# Generated by iptables-save v1.3.5 on Tue Aug  2 02:00:13 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [70202:5483561]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT 
-A FORWARD -j RH-Firewall-1-INPUT 
-A RH-Firewall-1-INPUT -i lo -j ACCEPT 
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT 
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT 
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT 
-A RH-Firewall-1-INPUT -s 60.195.249.83 -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT 
-A RH-Firewall-1-INPUT -s 60.195.252.107 -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT 
-A RH-Firewall-1-INPUT -s 60.195.252.110 -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT 
-A RH-Firewall-1-INPUT -s 60.195.252.106 -p tcp -m tcp --dport 3306 -j ACCEPT 
-A RH-Firewall-1-INPUT -s 60.195.249.83 -p tcp -m tcp --dport 3306 -j ACCEPT 
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Tue Aug  2 02:00:13 2011
EOF

iptables-restore < /etc/sysconfig/iptables
service iptables save
service iptables restart
iptables -vnL
sleep 1

modprobe ip_conntrack_ftp
if [ $? -eq 0 ]; then
    sed -i "/modprobe ip_conntrack_ftp/d" /etc/rc.d/rc.local 
    echo "modprobe ip_conntrack_ftp" >> /etc/rc.d/rc.local 
fi
modprobe ip_nat_ftp
if [ $? -eq 0 ]; then
    sed -i "/modprobe ip_nat_ftp/d" /etc/rc.d/rc.local 
    echo "modprobe ip_nat_ftp" >> /etc/rc.d/rc.local 
fi


cat > /etc/sysctl.conf << 'EOF'
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 0
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024  65535
kernel.shmmax = 268435456
net.ipv4.ip_conntrack_max = 655360
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 180
EOF
/sbin/sysctl -p
sleep 1

cat > /etc/security/limits.conf <<'EOF'
*               soft    nofile          65532
*               hard    nofile          65532
EOF
ulimit -a
sleep 1

declare -a closelist
closelist=(
avahi-daemon
bluetooth
cpuspeed 
cups
firstboot
gpm 
ip6tables
isdn
lvm2-monitor
mdmonitor 
netfs 
nfslock
pcscd
portmap
rhnsd
rpcgssd 
rpcidmapd 
smartd
xfs 
yum-updatesd 
hplip
hidd
)

for((count=0,i=0;count<${#closelist[@]};i++))
do
    /sbin/chkconfig --list | grep ${closelist[i]}
    if [ $? -eq 0 ]; then
        cmd="/sbin/chkconfig ${closelist[i]} --level 3 off"
        echo $cmd
        `$cmd`
    fi
    let count+=1
done

grep "unset MAILCHECK" /etc/profile
if [ $? -ne 0 ]; then
    sed -i "/unset MAILCHECK/d" /etc/profile
    echo "unset MAILCHECK"  >> /etc/profile
fi

#set idle time
sed -i 's,^#ClientAliveCountMax.*,ClientAliveCountMax 60,g' /etc/ssh/sshd_config
/etc/init.d/sshd restart

#uninstall useless package
wget -q   http://lnmpp.googlecode.com/files/rhel54.x86_64.mirror.dev.shopex.cn.repo  -O  /etc/yum.repos.d/rhel54.x86_64.mirror.dev.shopex.cn.repo
#Synchronization time
rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

yum install -y ntp
/usr/sbin/ntpdate -d cn.pool.ntp.org
date
sed -i "/\*  \* \* \* \* /usr/sbin/ntpdate cn.pool.ntp.org/d" /var/spool/cron/root
echo "* * * * * /usr/sbin/ntpdate cn.pool.ntp.org" >> /var/spool/cron/root
crontab -l
sleep 1

rpm -qa|grep  httpd
rpm -e httpd
rpm -qa|grep mysql
rpm -e mysql
rpm -qa|grep php
rpm -e php

yum -y remove httpd
yum -y remove php
yum -y remove mysql-server mysql
yum -y remove php-mysql

yum -y install yum-fastestmirror
yum -y remove httpd
#yum -y update

#install base
for packages in patch make gcc gcc-c++ gcc-g77 flex bison file libtool libtool-libs autoconf kernel-devel libjpeg libjpeg-devel libpng libpng-devel libpng10 libpng10-devel gd gd-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glib2 glib2-devel bzip2 bzip2-devel libevent libevent-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel vim-minimal nano fonts-chinese gettext gettext-devel ncurses-devel gmp-devel pspell-devel unzip;
do yum -y install $packages; done
#
cmake
if [ $? -ne 0 ]; then
    rpm -ivh "http://lnmpp.googlecode.com/files/cmake-2.6.4-7.el5."$( uname -m)".rpm"               
fi

curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/pcre/pcre-8.01.sh | sh
sleep 2
curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/nginx/nginx-1.0.5.sh | sh
sleep 2
curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/mysql/mysql-5.5.14.sh | sh
sleep 2
curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/libmcrypt/libmcrypt-2.5.8.sh | sh
sleep 2
curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/mhash/mhash-0.9.9.9.sh | sh
sleep 2
curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/mcrypt/mcrypt-2.6.8.sh | sh
sleep 2
curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/libiconv/libiconv-1.13.sh | sh
sleep 2
curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/php/php-5.2.14.sh | sh
sleep 2
curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/memcached/memcached-1.4.6.sh  | sh
sleep 2
curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/zend/zend-3.3.9.sh  | sh
sleep 2
curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/php_memcache/php_memcache-2.2.6.sh | sh
sleep 2
#curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/php_svn/php_svn-1.0.1.sh | sh
curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/snmp/snmp-5.3.2.sh | sh
sleep 2
curl  http://lnmpp.googlecode.com/svn/branches/aliyun/lib/proftpd/proftpd-1.3.3d.sh | sh
